JP2005528690A - セキュア実行モード例外 - Google Patents
セキュア実行モード例外 Download PDFInfo
- Publication number
- JP2005528690A JP2005528690A JP2004509788A JP2004509788A JP2005528690A JP 2005528690 A JP2005528690 A JP 2005528690A JP 2004509788 A JP2004509788 A JP 2004509788A JP 2004509788 A JP2004509788 A JP 2004509788A JP 2005528690 A JP2005528690 A JP 2005528690A
- Authority
- JP
- Japan
- Prior art keywords
- security
- address
- security exception
- register
- sem
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2153—Using hardware token as a secondary aspect
Abstract
Description
Claims (10)
- セキュアメモリ内のベースアドレスにセキュリティ例外スタックフレーム(900)を作成し、
フォールティングコードシーケンスアドレスおよび1つ以上のレジスタ値を前記セキュリティ例外スタックフレーム(900)に書き込み、
複数のセキュリティ例外命令を実行する、方法。 - 前記セキュリティ例外スタックフレーム(900)の作成では、ハードウェアセキュア実行モードセキュリティ例外およびソフトウェアセキュア実行モードセキュリティ例外の少なくとも1つを含むセキュリティ例外を受信し、
前記セキュアメモリの前記ベースアドレスに前記セキュリティ例外スタックフレーム(900)の作成では、前記セキュリティ例外と関連付けられたエラーコードの位置を識別する、請求項1に記載の方法。 - 前記セキュアメモリの前記ベースアドレスの前記セキュリティ例外スタックフレーム(900)の作成では、
エラーコード上にターゲットアドレスを書き込み、
1つ以上のレジスタ(510)から複数のレジスタ値を書き込む、請求項1に記載の方法。 - ターゲットアドレスおよび複数のレジスタ値を1つ以上のセキュアレジスタ(510)から読み取る、請求項1に記載の方法。
- 前記セキュアメモリの前記ベースアドレスに前記セキュリティ例外スタックフレーム(900)の作成では、前記ベースアドレスおよび前記セキュアメモリにあるオフセットにスタックポインタを書き込む、請求項1に記載の方法。
- セキュリティレジスタ(902)にあるアドレスと、ベースメモリアドレスレジスタからのアドレスとをスワッピングし、前記ベースメモリアドレスレジスタからの前記アドレスと、前記セキュリティレジスタ(902)にある前記アドレスとをスワッピングする、請求項1に記載の方法。
- 前記複数のセキュリティ例外命令の実行では、エラーコードの解析、または、前記セキュリティ例外の原因を決定するためのフォールティング命令のデコードがなされる、請求項1に記載の方法。
- リクエストをモニタするように構成され、リクエストの一つに応答してセキュリティ例外を生成するようにさらに構成された、1つ以上のセキュリティチェックユニット(316)と、
複数のセキュア格納位置(510)と、
セキュアメモリ内のベースアドレスにセキュリティ例外スタックフレーム(900)を作成し、フォールティングコードシーケンスアドレスおよび1つ以上のレジスタ値を前記セキュリティ例外スタックフレーム(900)に書き込むように構成されたプロセッサ(302)と、を含み、
前記プロセッサ(302)は、セキュリティカーネル(404)を実行するようにさらに構成され、当該セキュリティカーネル(404)が、複数のセキュリティ例外命令を実行するように構成される、システム。 - 前記セキュリティカーネル(404)は、エラーコード、ハードウェアセキュア実行モードセキュリティ例外通知、およびソフトウェアセキュア実行モードセキュリティ例外通知の少なくとも1つを含む、セキュリティ例外通知を受信するようにさらに構成される、請求項8に記載のシステム。
- 前記プロセッサ(302)が、
1つ以上のセキュアレジスタ(510)から1つ以上のレジスタ値を読み取り、
前記セキュリティメモリへ1つ以上のレジスタ値を書き込み、
前記セキュリティカーネル(404)に制御を移すようにさらに構成される、請求項8に記載のシステム。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/161,500 US7451324B2 (en) | 2002-05-31 | 2002-05-31 | Secure execution mode exceptions |
PCT/US2002/040219 WO2003102770A1 (en) | 2002-05-31 | 2002-12-17 | Secure execution mode exceptions |
Publications (1)
Publication Number | Publication Date |
---|---|
JP2005528690A true JP2005528690A (ja) | 2005-09-22 |
Family
ID=29583455
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2004509788A Pending JP2005528690A (ja) | 2002-05-31 | 2002-12-17 | セキュア実行モード例外 |
Country Status (7)
Country | Link |
---|---|
US (1) | US7451324B2 (ja) |
EP (1) | EP1509843A1 (ja) |
JP (1) | JP2005528690A (ja) |
KR (1) | KR100992611B1 (ja) |
CN (1) | CN1628284B (ja) |
AU (1) | AU2002361717A1 (ja) |
WO (1) | WO2003102770A1 (ja) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2015514252A (ja) * | 2012-03-30 | 2015-05-18 | インテル コーポレイション | オペレーティングシステムに対する悪意ある活動のレポート |
JP2017526071A (ja) * | 2014-08-18 | 2017-09-07 | ビットディフェンダー アイピーアール マネジメント リミテッド | 仮想マシンを終了する際に現在のプロセッサ命令の結果を公開するためのシステムおよび方法 |
Families Citing this family (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7334123B2 (en) * | 2003-05-02 | 2008-02-19 | Advanced Micro Devices, Inc. | Computer system including a bus bridge for connection to a security services processor |
US7784063B2 (en) * | 2004-01-09 | 2010-08-24 | Hewlett-Packard Development Company, L.P. | Method and apparatus for system caller authentication |
US7617534B1 (en) | 2005-08-26 | 2009-11-10 | Symantec Corporation | Detection of SYSENTER/SYSCALL hijacking |
US7685638B1 (en) | 2005-12-13 | 2010-03-23 | Symantec Corporation | Dynamic replacement of system call tables |
US8572729B1 (en) * | 2006-01-30 | 2013-10-29 | Mcafee, Inc. | System, method and computer program product for interception of user mode code execution and redirection to kernel mode |
US8214296B2 (en) * | 2006-02-14 | 2012-07-03 | Microsoft Corporation | Disaggregated secure execution environment |
EP1881404A1 (fr) * | 2006-07-20 | 2008-01-23 | Gemplus | Procédé de protection dynamique des données lors de l'exécution d'un code logiciel en langage intermédiaire dans un appareil numérique |
GB2478733B (en) | 2010-03-15 | 2013-08-14 | Advanced Risc Mach Ltd | Apparatus and method for handling exception events |
US9298911B2 (en) | 2013-03-15 | 2016-03-29 | Intel Corporation | Method, apparatus, system, and computer readable medium for providing apparatus security |
CN106569904A (zh) * | 2015-10-09 | 2017-04-19 | 中兴通讯股份有限公司 | 一种信息存储方法和装置、及服务器 |
US10146606B2 (en) * | 2016-04-06 | 2018-12-04 | Dell Products, Lp | Method for system debug and firmware update of a headless server |
CN106454914A (zh) * | 2016-11-10 | 2017-02-22 | 邦彦技术股份有限公司 | 一种ims的大批量业务出现异常的定位方法及装置 |
US11783064B2 (en) * | 2017-07-10 | 2023-10-10 | Intel Corporation | Techniques to provide hardware enforced protection environment for a system management mode |
CN107807870B (zh) * | 2017-10-30 | 2021-04-27 | 郑州云海信息技术有限公司 | 一种存储服务器主板掉电保护功能的测试方法和系统 |
CN109787777B (zh) * | 2017-11-10 | 2020-04-03 | 北京金山云网络技术有限公司 | 一种网卡模式切换方法、装置、电子设备及存储介质 |
CN112269597B (zh) * | 2020-10-23 | 2023-03-24 | 中国人民解放军战略支援部队信息工程大学 | 处理器指令异常行为检测方法及系统 |
US11797713B2 (en) | 2020-12-16 | 2023-10-24 | International Business Machines Corporation | Systems and methods for dynamic control of a secure mode of operation in a processor |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5684948A (en) * | 1995-09-01 | 1997-11-04 | National Semiconductor Corporation | Memory management circuit which provides simulated privilege levels |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5784631A (en) * | 1992-06-30 | 1998-07-21 | Discovision Associates | Huffman decoder |
US5369770A (en) * | 1992-11-02 | 1994-11-29 | Microsoft Corporation | Standardized protected-mode interrupt manager |
US5535397A (en) * | 1993-06-30 | 1996-07-09 | Intel Corporation | Method and apparatus for providing a context switch in response to an interrupt in a computer process |
US5937186A (en) * | 1994-03-24 | 1999-08-10 | International Business Machines Corporation | Asynchronous interrupt safing of prologue portions of computer programs |
US6957332B1 (en) * | 2000-03-31 | 2005-10-18 | Intel Corporation | Managing a secure platform using a hierarchical executive architecture in isolated execution mode |
US6792499B1 (en) * | 2000-11-14 | 2004-09-14 | Cypress Semiconductor Corp. | Dynamic swapping of memory bank base addresses |
US6697959B2 (en) * | 2000-12-20 | 2004-02-24 | Bull Hn Information Systems Inc. | Fault handling in a data processing system utilizing a fault vector pointer table |
US6725362B2 (en) * | 2001-02-06 | 2004-04-20 | Intel Corporation | Method for encoding an instruction set with a load with conditional fault instruction |
-
2002
- 2002-05-31 US US10/161,500 patent/US7451324B2/en active Active
- 2002-12-17 KR KR1020047019413A patent/KR100992611B1/ko not_active IP Right Cessation
- 2002-12-17 WO PCT/US2002/040219 patent/WO2003102770A1/en active Application Filing
- 2002-12-17 EP EP02797355A patent/EP1509843A1/en not_active Ceased
- 2002-12-17 CN CN028290593A patent/CN1628284B/zh not_active Expired - Lifetime
- 2002-12-17 AU AU2002361717A patent/AU2002361717A1/en not_active Abandoned
- 2002-12-17 JP JP2004509788A patent/JP2005528690A/ja active Pending
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5684948A (en) * | 1995-09-01 | 1997-11-04 | National Semiconductor Corporation | Memory management circuit which provides simulated privilege levels |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2015514252A (ja) * | 2012-03-30 | 2015-05-18 | インテル コーポレイション | オペレーティングシステムに対する悪意ある活動のレポート |
JP2017526071A (ja) * | 2014-08-18 | 2017-09-07 | ビットディフェンダー アイピーアール マネジメント リミテッド | 仮想マシンを終了する際に現在のプロセッサ命令の結果を公開するためのシステムおよび方法 |
Also Published As
Publication number | Publication date |
---|---|
CN1628284B (zh) | 2013-04-24 |
KR20040111714A (ko) | 2004-12-31 |
KR100992611B1 (ko) | 2010-11-08 |
EP1509843A1 (en) | 2005-03-02 |
US20030226022A1 (en) | 2003-12-04 |
CN1628284A (zh) | 2005-06-15 |
US7451324B2 (en) | 2008-11-11 |
WO2003102770A1 (en) | 2003-12-11 |
AU2002361717A1 (en) | 2003-12-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6823433B1 (en) | Memory management system and method for providing physical address based memory access security | |
US20030226014A1 (en) | Trusted client utilizing security kernel under secure execution mode | |
US6854039B1 (en) | Memory management system and method providing increased memory access security | |
US7401358B1 (en) | Method of controlling access to control registers of a microprocessor | |
US8051301B2 (en) | Memory management system and method providing linear address based memory access security | |
US8135962B2 (en) | System and method providing region-granular, hardware-controlled memory encryption | |
US7043616B1 (en) | Method of controlling access to model specific registers of a microprocessor | |
US7451324B2 (en) | Secure execution mode exceptions | |
US7127548B2 (en) | Control register access virtualization performance improvement in the virtual-machine architecture | |
US7130977B1 (en) | Controlling access to a control register of a microprocessor | |
JP2022503562A (ja) | 範囲チェック命令 | |
US7082507B1 (en) | Method of controlling access to an address translation data structure of a computer system | |
JPS6248258B2 (ja) | ||
KR101001344B1 (ko) | 구획된 보안을 위한 입/출력 허가 비트맵 | |
US7426644B1 (en) | System and method for handling device accesses to a memory providing increased memory access security | |
JP2021512400A (ja) | メモリ・アクセスにおける保護タグ・チェックの制御 | |
US7383584B2 (en) | System and method for controlling device-to-device accesses within a computer system | |
JP7349437B2 (ja) | メモリ・アクセスにおける保護タグ・チェックの制御 | |
US20210157601A1 (en) | Exception interception | |
WO2023209323A1 (en) | Exception return state lock parameter |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A621 | Written request for application examination |
Free format text: JAPANESE INTERMEDIATE CODE: A621 Effective date: 20051129 |
|
A131 | Notification of reasons for refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20080701 |
|
A601 | Written request for extension of time |
Free format text: JAPANESE INTERMEDIATE CODE: A601 Effective date: 20081001 |
|
A602 | Written permission of extension of time |
Free format text: JAPANESE INTERMEDIATE CODE: A602 Effective date: 20081008 |
|
A601 | Written request for extension of time |
Free format text: JAPANESE INTERMEDIATE CODE: A601 Effective date: 20081104 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20081110 |
|
A602 | Written permission of extension of time |
Free format text: JAPANESE INTERMEDIATE CODE: A602 Effective date: 20081111 |
|
A131 | Notification of reasons for refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20090113 |
|
A601 | Written request for extension of time |
Free format text: JAPANESE INTERMEDIATE CODE: A601 Effective date: 20090413 |
|
A602 | Written permission of extension of time |
Free format text: JAPANESE INTERMEDIATE CODE: A602 Effective date: 20090420 |
|
A601 | Written request for extension of time |
Free format text: JAPANESE INTERMEDIATE CODE: A601 Effective date: 20090513 |
|
A602 | Written permission of extension of time |
Free format text: JAPANESE INTERMEDIATE CODE: A602 Effective date: 20090520 |
|
A601 | Written request for extension of time |
Free format text: JAPANESE INTERMEDIATE CODE: A601 Effective date: 20090615 |
|
A602 | Written permission of extension of time |
Free format text: JAPANESE INTERMEDIATE CODE: A602 Effective date: 20090622 |
|
A02 | Decision of refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A02 Effective date: 20100202 |
|
RD03 | Notification of appointment of power of attorney |
Free format text: JAPANESE INTERMEDIATE CODE: A7423 Effective date: 20100421 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20100602 |
|
A911 | Transfer to examiner for re-examination before appeal (zenchi) |
Free format text: JAPANESE INTERMEDIATE CODE: A911 Effective date: 20100714 |
|
RD05 | Notification of revocation of power of attorney |
Free format text: JAPANESE INTERMEDIATE CODE: A7425 Effective date: 20100902 |
|
A912 | Re-examination (zenchi) completed and case transferred to appeal board |
Free format text: JAPANESE INTERMEDIATE CODE: A912 Effective date: 20101008 |